Privacy Policy
Last updated: June 2, 2026
This Privacy Policy explains how GlimmoraShield (“GlimmoraShield”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects your information when you use the GlimmoraShield application and website at glimmorashield.glimmora.ai (the “Service”). GlimmoraShield is a digital-safety application that helps users in India and Southeast Asia detect scams, protect their identity, monitor their security posture, and keep their families safe. By using the Service, you agree to the practices described in this policy.
1. Information we collect
We collect only the information needed to provide the Service:
- Account information. Your name and email address when you create an account or sign in (including sign-in with Google, which provides your basic Google profile and email address).
- Google account data (Gmail). If — and only if — you explicitly connect your Gmail account, we access your messages using Google’s read-only Gmail permission to scan for scams and phishing. See section 2 for full details.
- Scan and activity data. Messages, SMS text, URLs, and emails you submit for analysis, together with the safety results we generate (risk level, scam type, and recommendations).
- Location data. If you use the Family or Ride Safety features, we process your device location (obtained from your browser only while the feature is open and you have granted permission) to provide live location sharing, safe-zone alerts, and journey monitoring.
- Community reports. Scam reports you choose to submit. Any scammer contact detail you include is anonymised before it is shown to other users.
- Payment information. When you purchase a subscription, payment is processed by our payment provider (Razorpay). We receive a payment confirmation and subscription status; we do not collect or store your full card or bank details.
2. Google user data and Gmail access
The Gmail feature is strictly optional. We do not request Gmail access when you sign in. We request it only through a separate “Connect Gmail” action that you start yourself, and only after you grant consent on Google’s screen.
- Scope requested. We request the single scope
https://www.googleapis.com/auth/gmail.readonly. This is read-only access. We cannot send, delete, modify, or compose email on your behalf. - How we use it. We read your messages solely to analyse them for scams, phishing, and fraud, and to present those safety results to you inside the Service. We do not use Gmail data for any advertising or for any purpose unrelated to this security feature.
- What we store. For each message we scan, we store the sender, the subject line, a short text snippet, and the safety analysis (risk level, confidence, scam type, and recommendations) so you can review your scan history. We do not store the full body of your emails, and we do not store attachments.
- What we never do. We do not sell your Gmail data, we do not transfer it to third parties except the limited service providers needed to run the feature (see section 4), we do not use it to train generalised or third-party AI/ML models, and we do not allow humans to read it except where you explicitly ask us to, where required for security or to comply with applicable law, or in limited cases necessary to operate or improve this feature in compliance with Google’s policies.
- Revoking access. You can disconnect Gmail at any time from within the Service, or revoke GlimmoraShield’s access from your Google Account at myaccount.google.com/permissions. When you disconnect, we stop accessing your Gmail and delete the associated access tokens.
3. Limited Use disclosure (Google API Services User Data Policy)
GlimmoraShield’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
4. How we share information
We do not sell your personal information. We share data only with the service providers needed to operate the Service, and only to the extent required to provide their function:
- Google — authentication and Gmail access, with your consent.
- AI analysis providers — content you submit for scanning (such as an email snippet, SMS, or URL) may be processed by our AI provider solely to produce the safety result. It is not used by them to train their models for other customers.
- Razorpay — payment and subscription processing.
- Email and hosting providers — transactional email delivery and secure cloud hosting and database storage.
We may also disclose information where required by law, to protect the rights and safety of our users, or in connection with a business transfer, in each case consistent with this policy.
5. Data retention
We retain your account information for as long as your account is active. Scan history and related data are kept so you can review past results, and are deleted when you delete the associated record or your account. When you disconnect Gmail or delete your account, we delete the related Google tokens and stop accessing your Google data.
6. Data deletion and your rights
You may access, correct, or delete your personal information, and you may delete your account at any time from within the Service or by contacting us. On account deletion, we remove your personal data except where we are required to retain certain records by law. You can revoke Gmail access independently at any time as described in section 2.
7. Security
We protect your data using industry-standard measures, including encryption of data in transit (HTTPS), access controls, and secure storage of credentials and tokens. No method of transmission or storage is completely secure, but we work to protect your information and to limit access to it.
8. Children's privacy
The Service is intended for adults. Where a parent or guardian uses the Family feature to protect a minor, that adult is responsible for obtaining any consent required and for the information they choose to share. We do not knowingly collect personal information directly from children for our own purposes.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, notify you within the Service. Your continued use of the Service after an update means you accept the revised policy.
10. Contact us
If you have any questions about this Privacy Policy or your data, contact us at glimmora52@gmail.com.